Information security analyst is the eighth best job in the United States, according to U.S. News and World Report's Top 100 Jobs in 2015 list. Job openings in the field are expected to increase 36.5 percent by 2022 and median pay is $88,890 per year, the Bureau of Labor Statistics reported in 2014. But in spite of all these benefits, successful hiring in cybersecurity careers is flagging.
Cybersecurity plays a vital role in protecting our nation and individuals' private data. Those who work to prevent hacking are expected to be at the top of their game in terms of qualifications. But it seems that the most interested candidates are still not up to par.
"It is pretty much impossible to hire folks within the indicated backgrounds," Yahoo's chief information officer Alex Stamos told United Press International last month. "There are maybe four or five thousand people in North America I can hire right now who have the technical skills keen to us."
In order to make appropriate hiring decisions, some companies and organizations have considered lowering the high standards for security personnel in order to encourage more job recruits. In a speech last week to Abington High School in Philadelphia, defense secretary Ash Carter hinted that the military may be relaxing its enlisting requirements in areas like age and physical fitness, especially for positions in cybersecurity.
"Military leaders have long complained that it is difficult to attract and keep cyber professionals in the services because they can make far more money in private industry," the Associated Press reported in response to Carter's speech.
In the private sector, one of the biggest problems in gaining and retaining cybersecurity employees is the lack of proper training. A Council on Foreign Relations task force on education reform and national security — co-chaired by Condoleezza Rice and Joel I. Klein — stressed the importance of sufficient education in protecting U.S. security in a 2012 report.
"The United States must produce enough citizens with critical skills to fill the ranks of Foreign Service, the intelligence community and the armed services," the report read. "The dominant power of the 21st century will depend on human capital. The failure to produce that capital will undermine American security."
While lots of colleges offer programs devoted to careers in cybersecurity, many do not provide enough diversity in subject matter in order to cover all of the complexities involved. In a study conducted by the Ponemon Institute, a research center focused on information security, the University of Texas at San Antonio offers the highest-ranked cybersecurity program in the United States. Part of the key to the program's success is its multi-branched approach to security training.
"There is no 'one size fits all' degree or program that will prepare individuals for any/all jobs in cybersecurity," said Dr. Greg White, director of the Center for Infrastructure Assurance and Security at UTSA. "There are many different cybersecurity jobs with varying requirements. Some need individuals with a more applied understanding of security. Others need individuals with a more in-depth understanding of technology. UTSA is meeting these needs by having multiple security programs."
Some of these programs include studies in data mining, intrusion detection and biometrics, all of which teach students to think like hackers in order to prevent leaks in private information stores.
"Systems will be penetrated and a security professional needs to approach a penetration with a desire to learn from it — find out how it occurred, who did it, and what can be done to avoid a similar occurrence in the future," White said. "The saying is that an attacker only has to find one opening; the security professional has to defend all possible openings. This is a fact the security professional has to accept and deal with. You can't get discouraged and frustrated just because it may seem like the deck is stacked against you."
Other crucial qualities in becoming a proficient cybersecurity analyst are determination and adaptability, according to White.
"When I first got involved in security ... mobile phones didn't exist and the cloud was something that we looked up to the sky to view," he told the Washington Examiner. "As each of these advances became commonplace, security issues were introduced and we had to understand them in order to be able to secure these new technologies.
"One [quality] is curiosity and a desire to learn. In a field that is constantly changing, one where not only new technology is constantly introduced, but methods to exploit these technologies are also being discovered, a security professional can't sit back and assume they have learned all they will need to know to be successful in the field. Individuals need to continually be learning and advancing their understanding of the most current issues."
As the cybersecurity industry continues to evolve and grow, it will need people who exhibit tenacity and versatility. It will take schools that produce workers well-versed in navigating a rapidly-changing environment. It will take organizations willing to hire employees who may not fit the typical mold. Cybersecurity is a vital part of our world today and will continue to be necessary as more details of our lives are recorded digitally.